bss->eap_sim_db_timeout = atoi(pos);
} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
bss->eap_sim_aka_result_ind = atoi(pos);
+ } else if (os_strcmp(buf, "eap_sim_id") == 0) {
+ bss->eap_sim_id = atoi(pos);
#endif /* EAP_SERVER_SIM */
#ifdef EAP_SERVER_TNC
} else if (os_strcmp(buf, "tnc") == 0) {
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
+# EAP-SIM and EAP-AKA identity options
+# 0 = do not use pseudonyms or fast reauthentication
+# 1 = use pseudonyms, but not fast reauthentication
+# 2 = do not use pseudonyms, but use fast reauthentication
+# 3 = use pseudonyms and use fast reauthentication (default)
+#eap_sim_id=3
+
# Trusted Network Connect (TNC)
# If enabled, TNC validation will be required before the peer is allowed to
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
bss->radius_server_auth_port = 1812;
bss->eap_sim_db_timeout = 1;
+ bss->eap_sim_id = 3;
bss->ap_max_inactivity = AP_MAX_INACTIVITY;
bss->eapol_version = EAPOL_VERSION;
int eap_teap_auth;
int eap_teap_pac_no_inner;
int eap_sim_aka_result_ind;
+ int eap_sim_id;
int tnc;
int fragment_size;
u16 pwd_group;
srv.eap_teap_auth = conf->eap_teap_auth;
srv.eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
srv.eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
+ srv.eap_sim_id = conf->eap_sim_id;
srv.tnc = conf->tnc;
srv.wps = hapd->wps;
srv.ipv6 = conf->radius_server_ipv6;
conf.eap_teap_auth = hapd->conf->eap_teap_auth;
conf.eap_teap_pac_no_inner = hapd->conf->eap_teap_pac_no_inner;
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
+ conf.eap_sim_id = hapd->conf->eap_sim_id;
conf.tnc = hapd->conf->tnc;
conf.wps = hapd->wps;
conf.fragment_size = hapd->conf->fragment_size;
int eap_teap_auth;
int eap_teap_pac_no_inner;
int eap_sim_aka_result_ind;
+ int eap_sim_id;
int tnc;
struct wps_context *wps;
const struct wpabuf *assoc_wps_ie;
int eap_teap_auth;
int eap_teap_pac_no_inner;
int eap_sim_aka_result_ind;
+ int eap_sim_id;
int tnc;
u16 pwd_group;
struct wps_context *wps;
sm->eap_teap_auth = conf->eap_teap_auth;
sm->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
+ sm->eap_sim_id = conf->eap_sim_id;
sm->tnc = conf->tnc;
sm->wps = conf->wps;
if (conf->assoc_wps_ie)
const u8 *nonce_s)
{
os_free(data->next_pseudonym);
- if (nonce_s == NULL) {
+ if (!(sm->eap_sim_id & 0x01)) {
+ /* Use of pseudonyms disabled in configuration */
+ data->next_pseudonym = NULL;
+ } else if (!nonce_s) {
data->next_pseudonym =
eap_sim_db_get_next_pseudonym(
sm->eap_sim_db_priv,
data->next_pseudonym = NULL;
}
os_free(data->next_reauth_id);
- if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
+ if (!(sm->eap_sim_id & 0x02)) {
+ /* Use of fast reauth disabled in configuration */
+ data->next_reauth_id = NULL;
+ } else if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
data->next_reauth_id =
eap_sim_db_get_next_reauth_id(
sm->eap_sim_db_priv,
const u8 *nonce_s)
{
os_free(data->next_pseudonym);
- if (nonce_s == NULL) {
+ if (!(sm->eap_sim_id & 0x01)) {
+ /* Use of pseudonyms disabled in configuration */
+ data->next_pseudonym = NULL;
+ } else if (!nonce_s) {
data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv,
EAP_SIM_DB_SIM);
data->next_pseudonym = NULL;
}
os_free(data->next_reauth_id);
- if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
+ if (!(sm->eap_sim_id & 0x02)) {
+ /* Use of fast reauth disabled in configuration */
+ data->next_reauth_id = NULL;
+ } else if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
data->next_reauth_id =
eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv,
EAP_SIM_DB_SIM);
eap_conf.eap_teap_auth = eapol->conf.eap_teap_auth;
eap_conf.eap_teap_pac_no_inner = eapol->conf.eap_teap_pac_no_inner;
eap_conf.eap_sim_aka_result_ind = eapol->conf.eap_sim_aka_result_ind;
+ eap_conf.eap_sim_id = eapol->conf.eap_sim_id;
eap_conf.tnc = eapol->conf.tnc;
eap_conf.wps = eapol->conf.wps;
eap_conf.assoc_wps_ie = assoc_wps_ie;
dst->eap_teap_auth = src->eap_teap_auth;
dst->eap_teap_pac_no_inner = src->eap_teap_pac_no_inner;
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
+ dst->eap_sim_id = src->eap_sim_id;
dst->tnc = src->tnc;
dst->wps = src->wps;
dst->fragment_size = src->fragment_size;
int eap_teap_auth;
int eap_teap_pac_no_inner;
int eap_sim_aka_result_ind;
+ int eap_sim_id;
int tnc;
struct wps_context *wps;
int fragment_size;
*/
int eap_sim_aka_result_ind;
+ int eap_sim_id;
+
/**
* tnc - Trusted Network Connect (TNC)
*
eap_conf.eap_teap_auth = data->eap_teap_auth;
eap_conf.eap_teap_pac_no_inner = data->eap_teap_pac_no_inner;
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
+ eap_conf.eap_sim_id = data->eap_sim_id;
eap_conf.tnc = data->tnc;
eap_conf.wps = data->wps;
eap_conf.pwd_group = data->pwd_group;
data->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
data->get_eap_user = conf->get_eap_user;
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
+ data->eap_sim_id = conf->eap_sim_id;
data->tnc = conf->tnc;
data->wps = conf->wps;
data->pwd_group = conf->pwd_group;
*/
int eap_sim_aka_result_ind;
+ int eap_sim_id;
+
/**
* tnc - Trusted Network Connect (TNC)
*